...
```cpp
#include <random>
#include <string>

void f() {
  std::string id("ID"); // Holds the ID, starting with the characters "ID" followed
                        // by a random integer in the range [0-10000].
  std::uniform_int_distribution<int> distribution(0, 10000);
  std::random_device rd;
  std::mt19937 engine(rd());
  id += std::to_string(distribution(engine));
  // ...
}
```
Note that this compliant solution also seeds the random number engine, in conformance with MSC32-CPP (Ensure your random number generator is properly seeded).
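As an added example that is not part of the CERT page, the compliant pattern above is wrapped in a function that takes the engine from the caller, next to checks showing why the seeding note matters: a default-constructed std::mt19937 and an unseeded std::rand() both repeat the same values. The names make_id, id_in_range, unseeded_engines_agree, make_seeded_id and rand_sequence_repeats are assumptions introduced for this example.

```cpp
#include <cstdlib>
#include <random>
#include <string>

// Added example (not from the CERT page): the compliant pattern with the engine
// passed in, so the caller controls seeding and the result can be checked.
// The range [0, 10000] matches the page's example.
std::string make_id(std::mt19937 &engine) {
    std::uniform_int_distribution<int> distribution(0, 10000);
    return "ID" + std::to_string(distribution(engine));
}

// Validate the format: "ID" followed by a decimal value within [0, 10000].
bool id_in_range(const std::string &id) {
    if (id.size() < 3 || id.size() > 7 || id.compare(0, 2, "ID") != 0) return false;
    for (size_t i = 2; i < id.size(); ++i)
        if (id[i] < '0' || id[i] > '9') return false;
    int value = std::stoi(id.substr(2));
    return value >= 0 && value <= 10000;
}

// A default-constructed std::mt19937 uses a fixed default seed, so two such
// engines emit identical IDs: the missing-seed failure MSC32-CPP warns about.
bool unseeded_engines_agree() {
    std::mt19937 a, b;
    return make_id(a) == make_id(b);
}

// Properly seeded as in the compliant solution: nondeterministic seed taken
// from std::random_device, so each call yields an independent ID.
std::string make_seeded_id() {
    std::random_device rd;
    std::mt19937 engine(rd());
    return make_id(engine);
}

// The noncompliant pattern: std::rand() starts with seed 1 on every run of the
// program, so the sequence it produces is fully predictable.
bool rand_sequence_repeats() {
    std::srand(1);  // same state std::rand() has before any srand() call
    int first[3];
    for (int &v : first) v = std::rand();
    std::srand(1);  // reset and confirm the same three values come back
    for (int v : first)
        if (std::rand() != v) return false;
    return true;
}
```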
Risk Assessment

Using the `std::rand()` function could lead to predictable random numbers.
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines

| Standard | Guideline |
|---|---|
| CERT C++ Coding Standard | MSC32-CPP. Ensure your random number generator is properly seeded |
| CERT C Coding Standard | MSC30-C. Do not use the rand() function for generating pseudorandom numbers |
| CERT Oracle Secure Coding Standard for Java | MSC02-J. Generate strong random numbers |
| MITRE CWE | CWE-327, Use of a Broken or Risky Cryptographic Algorithm |
| | CWE-330, Use of Insufficiently Random Values |
...